Main Menu
Cyber Security
Anthropic’s Project Glasswing Finds 10,000+ CVEs in One Month
LiteSpeed cPanel Plugin CVE-2026-48172 CVSS 10.0 Exploited
ShinyHunters Claims 42M Charter Records, Sets May 27 Deadline
Netherlands Seizes 800 Stark Industries Servers, Arrests Two
ShinyHunters Claims 260K Baker Distributing Salesforce Records
Ubiquiti Patches 3 Max-Severity UniFi OS Flaws, 100K Exposed
Trump Mobile Exposes 27,000 Customer Records via Insecure API
Mysk: WhatsApp Stores Chats Unencrypted, Meta Apps Can Read Them
Wireshark 4.6.6 Patches ROHC Crash and MACsec Buffer Overflow
FBI Warns Kali365 PhaaS Platform Bypasses Microsoft 365 MFA
Lenovo BootRepair.sys Driver Exposes BYOVD Attack on CrowdStrike
Splunk CVE-2026-20239 Logs Session Cookies in Plaintext
DPRK npm Packages Use Hugging Face to Exfiltrate Developer Credentials
Deleted Google API Keys Stay Active for Up to 23 Minutes
Chromium Service Worker PoC Exploit Published for 42-Month-Old Bug
Texas AG Sues Meta Over WhatsApp Encryption Claims
Banana RAT Hijacks Brazil Pix QR Codes via NF-e Lures
UNG0002 Hides Cobalt Strike in macOS Folder Structures
INJ3CTOR3 Deploys JOMANGY Webshell in FreePBX Campaign
Operation Dragon Whistle Uses VS Code Tunnels as C2
Cisco Secure Workload CVE-2026-20223 Earns CVSS 10.0
NGINX 1.31.0 Zero-Day nginx-poolslip Bypasses ASLR
WantToCry Ransomware Hits SMB Ports, Evades EDR Tools
DOJ Secures Guilty Pleas From Tech-Support Fraud Executives
BadIIS Malware-as-a-Service Hijacks IIS Servers for SEO Fraud
GhostTree Exploit Hangs Windows Defender With NTFS Junctions
SilverFox APT Spreads ValleyRAT via Fake Microsoft Teams Sites
TamperedChef Hides Malware Inside Signed Apps
Chrome 148 Patches Critical WebRTC Use-After-Free
P2PInfect Botnet Infiltrates Kubernetes Clusters via Redis
UK Government Seeks Public Input on Radiofrequency Jammers to Shape Upcoming Legislation
Cybersecurity
UK Government Seeks Public Input on Radiofrequency Jammers to Shape Upcoming Legislation
Gabby Lee April 13, 2026
Public views are invited on radiofrequency jammers to help shape laws targeting cybercrime devices.
$100 Million AI Initiative Targets Hidden Vulnerabilities in Open Source Software
Cybersecurity
$100 Million AI Initiative Targets Hidden Vulnerabilities in Open Source Software
Andrew Doyle April 13, 2026
Discover how $100 million in AI resources are being deployed to detect critical vulnerabilities in open source software through Project Glasswing.
AI Browser Extensions Pose a Hidden Risk to Network Security
Application Security
AI Browser Extensions Pose a Hidden Risk to Network Security
Gabby Lee April 13, 2026
Exploring the overlooked risks AI browser extensions pose to network security.
Critical Marimo Vulnerability Is Now Being Actively Exploited for Credential Theft
Application Security
Critical Marimo Vulnerability Is Now Being Actively Exploited for Credential Theft
Andrew Doyle April 13, 2026
Marimo faces a severe RCE vulnerability allowing credential theft. Immediate action is crucial.
Cybercriminals Target Venice’s Flood Control Systems, Exposing Dangerous Gaps in Urban Security
Cybersecurity
Cybercriminals Target Venice’s Flood Control Systems, Exposing Dangerous Gaps in Urban Security
Mitchell Langley April 13, 2026
Hackers have infiltrated Venice's crucial San Marco flood defenses, revealing vulnerabilities in operational technology.
Adobe Addresses Critical Flaw in Acrobat Reader with Emergency Updates
CVE Vulnerability Alerts
Adobe Addresses Critical Flaw in Acrobat Reader with Emergency Updates
Gabby Lee April 13, 2026
Adobe releases emergency patches to fix a critical flaw in Acrobat Reader actively exploited in the wild, CVE-2026-34621.
Emerging Threats in Malware Recent Developments in Software Vulnerabilities
Application Security
Emerging Threats in Malware: Recent Developments in Software Vulnerabilities
Andrew Doyle April 13, 2026
New malicious npm packages, deceptive LNK files, and compromised servers illustrate evolving malware tactics.
U.S. Cybersecurity Agencies Warn of Rising Threats From Exposed Rockwell Automation PLCs
Cybersecurity
U.S. Cybersecurity Agencies Warn of Rising Threats From Exposed Rockwell Automation PLCs
Mitchell Langley April 13, 2026
U.S. cybersecurity agencies warn of Iran-linked APTs exploiting exposed Rockwell PLCs, urging swift disconnection.
CPUID Website Was Briefly Compromised to Spread Remote Access Trojan
Application Security
CPUID Website Was Briefly Compromised to Spread Remote Access Trojan
Gabby Lee April 13, 2026
Threat actors compromised the CPUID site for less than 24 hours, deploying a remote access trojan.
Atomic Stealer Exploits Script Editor in a New Attack Targeting macOS Users
Cybersecurity
Atomic Stealer Exploits Script Editor in a New Attack Targeting macOS Users
Mitchell Langley April 10, 2026
Atomic Stealer malware targets macOS users, using Script Editor in campaigns exploiting ClickFix attack variations.
Chaos Malware Expands Its Reach to Cloud Deployments
Cybersecurity
Chaos Malware Expands Its Reach to Cloud Deployments
Gabby Lee April 10, 2026
Chaos malware is now targeting misconfigured cloud systems, moving beyond just routers and edge gear.
APT28 Deploys PRISMEX Malware Against Ukraine and Its Allies
News
APT28 Deploys PRISMEX Malware Against Ukraine and Its Allies
Andrew Doyle April 10, 2026
Russian APT28 exploits spear-phishing in Ukraine with a novel malware, PRISMEX, harnessing advanced steganography and COM hijacking.
Seven Vulnerabilities Patched in OpenSSL, Several Enabling DoS Attacks
Cybersecurity
Seven Vulnerabilities Patched in OpenSSL, Several Enabling DoS Attacks
Mitchell Langley April 10, 2026
OpenSSL patches seven vulnerabilities, with several posing serious Denial of Service attack risks alongside a notable data leakage flaw.
U.S. Agencies Given Four Days to Patch Critical Ivanti EPMM Vulnerability
Application Security
U.S. Agencies Given Four Days to Patch Critical Ivanti EPMM Vulnerability
Gabby Lee April 10, 2026
CISA mandates U.S. agencies to patch critical Ivanti EPMM vulnerability within four days as active exploitation continues.
Critical RCE Flaw in Apache ActiveMQ Classic Went Undetected for 13 Years
Cybersecurity
Critical RCE Flaw in Apache ActiveMQ Classic Went Undetected for 13 Years
Andrew Doyle April 10, 2026
A serious RCE flaw in Apache ActiveMQ Classic hid for 13 years, posing new risks.
A $30,000 AI GPU Still Loses to Consumer Hardware in Password Cracking
Cybersecurity
A $30,000 AI GPU Still Loses to Consumer Hardware in Password Cracking
Gabby Lee April 10, 2026
Investigating why consumer GPUs outperform a $30,000 AI GPU in password cracking.
Massachusetts Hospital Faces Service Interruptions Amid Cyberattack
Cybersecurity
Massachusetts Hospital Faces Service Interruptions Amid Cyberattack
Mitchell Langley April 10, 2026
Signature Healthcare hospital in Massachusetts was forced to cancel some services after a cyberattack disrupted operations.
FleetWave Users Left Without Service After Chevin Takes Platform Offline
Cybersecurity
FleetWave Users Left Without Service After Chevin Takes Platform Offline
Mitchell Langley April 10, 2026
A security incident results in major FleetWave outages across UK and US as Chevin takes affected platforms offline.
Authorities Crack a $45 Million Global Cryptocurrency Scam and Recover $12 Million
Cybersecurity
Authorities Crack a $45 Million Global Cryptocurrency Scam and Recover $12 Million
Gabby Lee April 10, 2026
Global authorities dismantled a $45M crypto scam, rescuing $12M from fraudsters and aiding 20K affected wallets.
EngageLab SDK Vulnerability Threatens Millions of Android Cryptocurrency Wallets
Application Security
EngageLab SDK Vulnerability Threatens Millions of Android Cryptocurrency Wallets
Andrew Doyle April 10, 2026
Vulnerability in EngageLab SDK put Android cryptocurrency wallets at risk, bypassing security sandbox protections.
Application Security
Ghost CMS CVE-2026-26980 Exploited in ClickFix Campaign
Mitchell Langley May 25, 2026
Cybersecurity
ShinyHunters Claims 42M Charter Records, Sets May 27 Deadline
Gabby Lee May 25, 2026
Cybersecurity
ShinyHunters Claims 42M Charter Records, Sets May 27 Deadline
Gabby Lee May 25, 2026
Cybersecurity
ShinyHunters Claims 260K Baker Distributing Salesforce Records
Mitchell Langley May 25, 2026

TOP CYBERSECURITY HEADLINES

Application Security
Anthropic’s Project Glasswing Finds 10,000+ CVEs in One Month
Application Security
LiteSpeed cPanel Plugin CVE-2026-48172 CVSS 10.0 Exploited
Cybersecurity
ShinyHunters Claims 42M Charter Records, Sets May 27 Deadline
Cybersecurity
Netherlands Seizes 800 Stark Industries Servers, Arrests Two

This Week’s Security Spotlight

Application Security
Anthropic’s Project Glasswing Finds 10,000+ CVEs in One Month
Mitchell Langley May 25, 2026
Application Security
Trump Mobile Exposes 27,000 Customer Records via Insecure API
Gabby Lee May 25, 2026
CVE Vulnerability Alerts
Cisco Secure Workload CVE-2026-20223 Earns CVSS 10.0
Gabby Lee May 22, 2026
Cybersecurity
NYC Health + Hospitals Breach Exposes 1.8M Patients’ Fingerprints
Gabby Lee May 21, 2026
More In News
Trending
INTERPOL Operation Ramz: 201 Arrests in 13-Nation MENA Sweep
Tycoon2FA Adds Device-Code Attack to Bypass Microsoft 365 MFA
Operation HookedWing: 4-Year Campaign Compromises 500 Orgs
ShinyHunters Leaks 50GB After Vishing Breach at Cushman & Wakefield

Daily Briefing Newsletter

Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Featured Videos​

Podcasts

Podcasts
Juniper Networks Patches 220 Vulnerabilities in Massive October Security Update
October 13, 2025
Podcasts
Linked Exploitation Campaigns Target Cisco, Fortinet, and Palo Alto Networks Devices
October 13, 2025
Podcasts
Salesforce Refuses Ransom as Scattered LAPSUS$ Hunters Leak Millions of Records
October 13, 2025

Cyber Security News

Application Security
PraisonAI CVE-2026-44338 Exploited 3h44m After Public Disclosure
May 19, 2026
Application Security
Burst Statistics CVE-2026-8181 Draws 7,400 Attacks in 24 Hours
May 19, 2026
Application Security
NGINX CVE-2026-42945 Under Active Exploitation After F5 Patch Drop
May 19, 2026
CoinbaseCartel Steals Grafana Source Code via GitHub Token
Cybersecurity
CoinbaseCartel Steals Grafana Source Code via GitHub Token
May 19, 2026
Cybersecurity
MiniPlasma Windows Exploit Grants SYSTEM Access with No Patch
May 19, 2026
Application Security
Leaked Shai-Hulud Code Fuels npm Infostealer Wave Targeting Devs
May 19, 2026
  • All
  • Application Security
  • Blog
  • CVE Vulnerability Alerts
  • Cybersecurity
  • Cybersecurity Newsletter
  • Data Security
  • Endpoint Security
  • Identity and Access Management
  • Information Security
  • Network Security
  • News
  • Phishing
  • Podcasts
  • Product Reviews
  • Ransomware
  • Ransomware Victims
  • Resources
  • Security Spotlight
  • Sponsored
  • Threat Actors
  • Threat Actors
  • Threat Detection Tools
Critical Marimo Vulnerability Is Now Being Actively Exploited for Credential Theft
April 13, 2026
Marimo faces a severe RCE vulnerability allowing credential theft. Immediate action is crucial.
Cybercriminals Target Venice’s Flood Control Systems, Exposing Dangerous Gaps in Urban Security
April 13, 2026
Hackers have infiltrated Venice's crucial San Marco flood defenses, revealing vulnerabilities in operational technology.
Adobe Addresses Critical Flaw in Acrobat Reader with Emergency Updates
April 13, 2026
Adobe releases emergency patches to fix a critical flaw in Acrobat Reader actively exploited in the wild, CVE-2026-34621.
Emerging Threats in Malware: Recent Developments in Software Vulnerabilities
April 13, 2026
New malicious npm packages, deceptive LNK files, and compromised servers illustrate evolving malware tactics.
U.S. Cybersecurity Agencies Warn of Rising Threats From Exposed Rockwell Automation PLCs
April 13, 2026
U.S. cybersecurity agencies warn of Iran-linked APTs exploiting exposed Rockwell PLCs, urging swift disconnection.
CPUID Website Was Briefly Compromised to Spread Remote Access Trojan
April 13, 2026
Threat actors compromised the CPUID site for less than 24 hours, deploying a remote access trojan.
Atomic Stealer Exploits Script Editor in a New Attack Targeting macOS Users
April 10, 2026
Atomic Stealer malware targets macOS users, using Script Editor in campaigns exploiting ClickFix attack variations.
Chaos Malware Expands Its Reach to Cloud Deployments
April 10, 2026
Chaos malware is now targeting misconfigured cloud systems, moving beyond just routers and edge gear.
APT28 Deploys PRISMEX Malware Against Ukraine and Its Allies
April 10, 2026
Russian APT28 exploits spear-phishing in Ukraine with a novel malware, PRISMEX, harnessing advanced steganography and COM hijacking.
Seven Vulnerabilities Patched in OpenSSL, Several Enabling DoS Attacks
April 10, 2026
OpenSSL patches seven vulnerabilities, with several posing serious Denial of Service attack risks alongside a notable data leakage flaw.
U.S. Agencies Given Four Days to Patch Critical Ivanti EPMM Vulnerability
April 10, 2026
CISA mandates U.S. agencies to patch critical Ivanti EPMM vulnerability within four days as active exploitation continues.
Critical RCE Flaw in Apache ActiveMQ Classic Went Undetected for 13 Years
April 10, 2026
A serious RCE flaw in Apache ActiveMQ Classic hid for 13 years, posing new risks.
A $30,000 AI GPU Still Loses to Consumer Hardware in Password Cracking
April 10, 2026
Investigating why consumer GPUs outperform a $30,000 AI GPU in password cracking.
Massachusetts Hospital Faces Service Interruptions Amid Cyberattack
April 10, 2026
Signature Healthcare hospital in Massachusetts was forced to cancel some services after a cyberattack disrupted operations.
FleetWave Users Left Without Service After Chevin Takes Platform Offline
April 10, 2026
A security incident results in major FleetWave outages across UK and US as Chevin takes affected platforms offline.
Authorities Crack a $45 Million Global Cryptocurrency Scam and Recover $12 Million
April 10, 2026
Global authorities dismantled a $45M crypto scam, rescuing $12M from fraudsters and aiding 20K affected wallets.
EngageLab SDK Vulnerability Threatens Millions of Android Cryptocurrency Wallets
April 10, 2026
Vulnerability in EngageLab SDK put Android cryptocurrency wallets at risk, bypassing security sandbox protections.
Newly Discovered UAT-10362 Threat Cluster Aims at Taiwanese NGOs
April 10, 2026
UAT-10362 threatens Taiwanese NGOs with new LucidRook malware.
New Extortion Crew Uses Phishing to Breach High-Value Corporations
April 10, 2026
Emerging extortion crew targets corporations through sophisticated phishing schemes.
Smart Slider 3 Pro Plugin Update System Was Hijacked to Push Backdoored Versions
April 10, 2026
Cybercriminals hijacked the Smart Slider 3 Pro plugin update system, pushing malicious versions loaded with multiple backdoors to WordPress and Joomla...
Anthropic’s Project Glasswing Finds 10,000+ CVEs in One Month
LiteSpeed cPanel Plugin CVE-2026-48172 CVSS 10.0 Exploited
ShinyHunters Claims 42M Charter Records, Sets May 27 Deadline
Netherlands Seizes 800 Stark Industries Servers, Arrests Two
ShinyHunters Claims 260K Baker Distributing Salesforce Records
Ubiquiti Patches 3 Max-Severity UniFi OS Flaws, 100K Exposed
Trump Mobile Exposes 27,000 Customer Records via Insecure API
Mysk: WhatsApp Stores Chats Unencrypted, Meta Apps Can Read Them
Wireshark 4.6.6 Patches ROHC Crash and MACsec Buffer Overflow
FBI Warns Kali365 PhaaS Platform Bypasses Microsoft 365 MFA
Lenovo BootRepair.sys Driver Exposes BYOVD Attack on CrowdStrike
Splunk CVE-2026-20239 Logs Session Cookies in Plaintext
DPRK npm Packages Use Hugging Face to Exfiltrate Developer Credentials
Deleted Google API Keys Stay Active for Up to 23 Minutes
Chromium Service Worker PoC Exploit Published for 42-Month-Old Bug
Texas AG Sues Meta Over WhatsApp Encryption Claims
Banana RAT Hijacks Brazil Pix QR Codes via NF-e Lures
UNG0002 Hides Cobalt Strike in macOS Folder Structures
INJ3CTOR3 Deploys JOMANGY Webshell in FreePBX Campaign
Operation Dragon Whistle Uses VS Code Tunnels as C2